Smart Security
Bruce Schneier, the CTO of Counterpane Internet Security and the author of "Beyond Fear: Thinking Sensibly About Security in an Uncertain World," had an interesting op-ed piece in yesterday's Minneapolis Star Tribune. He explained why the data mining the US government is engaging in is, well, stupid and a waste of resources.
Collecting information about every American's phone calls is an example of data mining. The basic idea is to collect as much information as possible on everyone, sift through it with massive computers, and uncover terrorist plots. It's a compelling idea, and convinces many. But it's wrong. We're not going to find terrorist plots through systems like this, and we're going to waste valuable resources chasing down false alarms.
Data mining works best when you're searching for a well-defined profile, a reasonable number of attacks per year, and a low cost of false alarms. Credit-card fraud is one of data mining's success stories: All credit-card companies mine their transaction databases for data for spending patterns that indicate a stolen card.
...Terrorist plots are different; there is no well-defined profile and attacks are very rare. This means that data-mining systems won't uncover any terrorist plots until they are very accurate, and that even very accurate systems will be so flooded with false alarms that they will be useless.
Finding terrorism plots is not a problem that lends itself to data mining. It's a needle-in-a-haystack problem, and throwing more hay on the pile doesn't make that problem any easier. We'd be far better off putting people in charge of investigating potential plots and letting them direct the computers, instead of putting the computers in charge and letting them decide who should be investigated. [Emphasis added]
His article does the math for us (which I haven't included, but which is very easily understood), and it's clear that if the goal of this program is to uncover terrorist plots, it will not only fail, the program will also complicate any other investigation into such plots by sending folks off on wild goose chases. Surely the NSA and the FBI and every other agency involved has to be aware of this by now.
If that is the case, then why does the program continue? Why is the government fighting the current civil case against the telecoms which have cooperated with the government by providing the records? The only answer I could come up with is that the government isn't using the program for the avowed goal at all. It is simply collecting the data on citizens because it can, and because it will be useful for other purposes. Mr. Schneier seems to be implying just that in his conclusion:
By allowing the NSA to eavesdrop on us all, we're not trading privacy for security. We're giving up privacy without getting any security in return.
Collecting information about every American's phone calls is an example of data mining. The basic idea is to collect as much information as possible on everyone, sift through it with massive computers, and uncover terrorist plots. It's a compelling idea, and convinces many. But it's wrong. We're not going to find terrorist plots through systems like this, and we're going to waste valuable resources chasing down false alarms.
Data mining works best when you're searching for a well-defined profile, a reasonable number of attacks per year, and a low cost of false alarms. Credit-card fraud is one of data mining's success stories: All credit-card companies mine their transaction databases for data for spending patterns that indicate a stolen card.
...Terrorist plots are different; there is no well-defined profile and attacks are very rare. This means that data-mining systems won't uncover any terrorist plots until they are very accurate, and that even very accurate systems will be so flooded with false alarms that they will be useless.
Finding terrorism plots is not a problem that lends itself to data mining. It's a needle-in-a-haystack problem, and throwing more hay on the pile doesn't make that problem any easier. We'd be far better off putting people in charge of investigating potential plots and letting them direct the computers, instead of putting the computers in charge and letting them decide who should be investigated. [Emphasis added]
His article does the math for us (which I haven't included, but which is very easily understood), and it's clear that if the goal of this program is to uncover terrorist plots, it will not only fail, the program will also complicate any other investigation into such plots by sending folks off on wild goose chases. Surely the NSA and the FBI and every other agency involved has to be aware of this by now.
If that is the case, then why does the program continue? Why is the government fighting the current civil case against the telecoms which have cooperated with the government by providing the records? The only answer I could come up with is that the government isn't using the program for the avowed goal at all. It is simply collecting the data on citizens because it can, and because it will be useful for other purposes. Mr. Schneier seems to be implying just that in his conclusion:
By allowing the NSA to eavesdrop on us all, we're not trading privacy for security. We're giving up privacy without getting any security in return.
1 Comments:
By allowing the NSA to eavesdrop on us all, we're not trading privacy for security. We're giving up privacy without getting any security in return.
which seems to me to be the whole point anyway: the war on terror is, in fact, and has always been, a war on the privacy of USers. Privacy is dangerous to Fascism.
Post a Comment
<< Home